Connect Tunnel

by SonicWall Inc.v12.5.0.221

Last updated Jun 8, 2026

Connect Tunnel provides secure remote access for IT-managed devices.

Install with winget

$ winget install --id SonicWall.ConnectTunnel --exact --version 12.5.0.221

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Silent install command for Connect Tunnel

Connect Tunnel uses EXE (Burn bundle). The silent install switches are /quiet /norestart.

One-line silent install (x64, machine scope)

msiexec.exe /i ConnectTunnel_x64-12.5.0.221.exe /quiet /norestart

See the full silent install reference for Connect Tunnel →

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

About

The Connect Tunnel provides an “in-office” experience for a remote working world with full access away from the office. For IT-managed Mac, Windows, and Linux users, this thin client delivers fast and secure remote access to sensitive corporate data and assets. For Windows 10 users, Connect Tunnel supports Device Guard, a Windows server component which enables secure authorized access.

With Connect Tunnel, you always maintain centralized control because it integrates directly with SMA 1000 Unified Policy and End Point Control (EPC) to ensure a safe environment and a compliant device before allowing network access.

Installers · v12.5.0.221

Architecture	Type	Scope	Download
x86	EXE Burn bundle	machine	Direct
x64	EXE Burn bundle	machine	Direct
arm64	EXE Burn bundle	machine	Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

5 known CVEs via NVD

high7.8Patched in wingetCVE-2021-20051affects <=4.10.7.1117May 4, 2022
SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local attacker could result in command execution in the target system.
Vendor advisory
high7.8Patched in wingetCVE-2021-20047affects <=4.10.6Dec 7, 2021
SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and earlier have a DLL Search Order Hijacking vulnerability. Successful exploitation via a local attacker could result in remote code execution in the target system.
Vendor advisory
high7.8Patched in wingetCVE-2021-20037affects <=4.10.5Sep 20, 2021
SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. This vulnerability impacts GVC 4.10.5 installer and earlier.
Vendor advisory
high8.6Patched in wingetCVE-2020-5145affects <=4.10.4.0314Oct 28, 2020
SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to remote code execution in the target system.
Vendor advisory
high7.8Patched in wingetCVE-2020-5144affects <=4.10.4.0314Oct 28, 2020
SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability.
Vendor advisory

Source: NVD, updated just now. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr - automated patching is the only way to keep up.

Related apps

SonicWall NetExtenderSonicWall Inc.
SonicWall.NetExtenderv10.3.5
SonicWall NetExtender provides secure remote access for Windows and Linux users.
SonicWall Cloud Secure EdgeSonicWall Inc.
SonicWall.CloudSecureEdgev4.2.0
Cloud-delivered zero-trust access client for securely connecting users to private and internet resources.
KaringSupernova Nebula LLC
KaringX.Karingv1.2.19+2209
A singbox GUI based on flutter.
Zapret 2loop-uh
loop-uh.Zapret2v21.0.0.6
Bypassing Discord and YouTube blocks
Cloudflare One ClientCloudflare, Inc.
Cloudflare.Warpv26.4.1390.0
1.1.1.1 with WARP replaces the connection between your device and the Internet with a modern, optimized, protocol.
spacedesk Windows DRIVERdatronicsoft Inc.
Datronicsoft.SpacedeskDriver.Serverv2.2.22.0
Spacedesk Driver Software for Windows PRIMARY PC (server) runs only with Windows 11 and Windows 10

More from SonicWall Inc. or browse network, vpn.

Frequently asked questions

How do I install Connect Tunnel on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id SonicWall.ConnectTunnel --exact --version 12.5.0.221. winget downloads the installer from SonicWall Inc. and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install Connect Tunnel silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id SonicWall.ConnectTunnel --exact 12.5.0.221 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

What are the silent install switches for Connect Tunnel?

Connect Tunnel uses EXE (Burn bundle). Run the downloaded installer with: msiexec.exe /i ConnectTunnel_x64-12.5.0.221.exe /quiet /norestart. The silent switches are /quiet /norestart.

How do I uninstall Connect Tunnel via winget?

Run: winget uninstall --id SonicWall.ConnectTunnel --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from Connect Tunnel's Apps & Features entry.

Is Connect Tunnel free?

Connect Tunnel is distributed under Proprietary. Refer to the publisher (https://www.sonicwall.com/products/remote-access/vpn-clients) for the full license terms - Wingetly itself does not charge for installation.

Does Connect Tunnel work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls Connect Tunnel directly from the publisher.

How do I keep Connect Tunnel up to date?

Run winget upgrade --id SonicWall.ConnectTunnel --exact, or winget upgrade --all to update everything winget tracks. We index 4 versions of Connect Tunnel from microsoft/winget-pkgs.

Recent versions

12.5.0.221latest
12.5.0.212
12.4.3.341
12.4.3.311